1. Heartbleed Could Affect 2/3 of All Web Servers

CNN explains that the Heartbleed vulnerability could be putting the passwords, financial information, and even private emails of the average person at risk of exposure to hackers.

CNN notes:

“Heartbleed is a flaw in OpenSSL, an open-source encryption technology that is used by an estimated two-thirds of Web servers. It is behind many HTTPS sites that collect personal or financial information. These sites are typically indicated by a lock icon in the browser to let site visitors know the information they’re sending online is hidden from prying eyes.

Cybercriminals could exploit the bug to access visitors’ personal data as well as a site’s cryptographic keys, which can be used to impersonate that site and collect even more information.”

“You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL…

Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most.”

Experts state that changing all your website passwords immediately is a good first step towards protecting yourself from people exploiting Heartbleed. However, some experts believe that changing your passwords may not be enough to fully protect you, particularly if the site you are on hasn’t yet fixed its Heartbleed problem.

3. It Is Impossible to Know Whether You’re Affected

The Heartbleed FAQ cited above adds: “Exploitation of this bug leaves no traces of anything abnormal happening to the logs.” It is extremely difficult, if not impossible, to detect whether your data has been exposed through Heartbleed. This means it is equally unlikely that you can trace anyone who has stolen your data through Heartbleed.

4. Security Firm Codenomicon Discovered Heartbleed

Two of the biggest web security issues this year have been caused by coding errors: Heartbleed and Apple's SSL flaw. Code review, do it.

CNET adds that cryptography consultant Filippo Valsorda has published a tool that lets people check Web sites for Heartbleed vulnerability, which can be accessed here. CNET notes Google, Microsoft, Twitter, Facebook, Dropbox, Imgur, OKCupid, and Eventbrite were all found vulnerable by the tool.

5. There Is a Fix for Heartbleed

The video above from Tom Scott offers a non-technical breakdown of Heartbleed.

OpenSSL is aware of the Heartbleed vulnerability. In a brief statement on their site, OpenSSL states:

“Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1…
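The OpenSSL statement above gives the affected range by version number, and the first thing most administrators did in April 2014 was compare the output of `openssl version` against it. The following script is an added example (not code from the article or from OpenSSL) that performs that comparison over a constructed inventory of banners. It assumes, as a known fact not quoted on this page, that 1.0.1g and 1.0.2-beta2 were the first releases carrying the fix; the host names and banner lines are constructed sample data.

```python
import re

# Assumed (not on the page): 1.0.1g and 1.0.2-beta2 are the first fixed releases.
# Upstream 1.0.1 (no letter) through 1.0.1f and 1.0.2-beta1 are affected.
AFFECTED_1_0_1_LETTERS = ("", "a", "b", "c", "d", "e", "f")
FIRST_FIXED_1_0_2_BETA = 2

# Matches "OpenSSL 1.0.1f 6 Jan 2014", "OpenSSL 1.0.2-beta1 ..." or a bare "1.0.1f".
_VERSION_RE = re.compile(
    r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d+))?", re.IGNORECASE
)


def parse_openssl_version(banner):
    """Parse an `openssl version` banner into (major, minor, patch, letter, beta)."""
    m = _VERSION_RE.match(banner.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {banner!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    letter = (m.group(4) or "").lower()
    beta = int(m.group(5)) if m.group(5) else None
    return major, minor, patch, letter, beta


def heartbleed_status(banner):
    """Classify an upstream OpenSSL version string as 'affected', 'fixed' or 'not-affected'.

    Caveat for practitioners: distributions frequently backport the fix without
    changing the version number (the banner still reads 1.0.1e, say), so
    'affected' from the banner alone is a lead to confirm against the package
    changelog, not proof of exposure.
    """
    major, minor, patch, letter, beta = parse_openssl_version(banner)
    if (major, minor, patch) == (1, 0, 1):
        # 1.0.1 through 1.0.1f carry the bug; 1.0.1g and later have the fix.
        return "affected" if letter in AFFECTED_1_0_1_LETTERS else "fixed"
    if (major, minor, patch) == (1, 0, 2):
        # Only the beta series existed at disclosure; beta1 is affected.
        if beta is None or beta >= FIRST_FIXED_1_0_2_BETA:
            return "fixed"
        return "affected"
    # 0.9.8 and 1.0.0 never shipped the heartbeat code path in question.
    return "not-affected"


def triage_inventory(lines):
    """Map 'hostname <banner>' inventory lines to a Heartbleed status per host."""
    result = {}
    for line in lines:
        host, _, banner = line.strip().partition(" ")
        if not banner:
            continue
        result[host] = heartbleed_status(banner)
    return result


# Constructed sample inventory (not real hosts), as a defender would gather
# from `ssh host openssl version` or a configuration-management export.
SAMPLE_INVENTORY = [
    "web01 OpenSSL 1.0.1f 6 Jan 2014",
    "web02 OpenSSL 1.0.1g 7 Apr 2014",
    "lb01 OpenSSL 1.0.0l 6 Jan 2014",
    "legacy01 OpenSSL 0.9.8y 5 Feb 2013",
    "staging01 OpenSSL 1.0.2-beta1 24 Feb 2014",
]

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:12s} {status}")
```

Run it as-is to see the constructed inventory classified; in practice, feed it the collected banners and then confirm each `affected` result against the vendor changelog, since a backported fix leaves the version string unchanged.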